Описание
ELSA-2026-5581: nginx:1.24 security update (MODERATE)
[1.24.0-2.0.1]
- Remove Red Hat references [Orabug: 29498217]
[1:1.24.0-2]
- Resolves: RHEL-146517 - nginx:1.24/nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections (CVE-2026-1642)
[1:1.24.0-1]
- Resolves: RHEL-14714 - add nginx:1.24 to RHEL 8.10
[1:1.22.1-2]
- Resolves: RHEL-12728 - nginx:1.22/nginx: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)(CVE-2023-44487)
[1:1.22.1-1]
- Resolves: #2112345 - nginx:1.22 for RHEL 8
- add stream_geoip_module and stream_realip_module
- remove obsolete --with-ipv6
[1:1.20.1-1]
- rebase to 1.20.1 (addressing CVE-2021-23017)
[1:1.20.0-4]
- add delaycompress to logrotate config (#2015243)
[1:1.20.0-3]
- Add -mod-devel subpackage for building external nginx modules (Neal Gompa) Resolves: #1991787
[1:1.20.0-2]
- Resolves: #1991796 - build nginx with --with-compat
[1:1.20.0-1]
- new version 1.20.0
- Resolves: #1945671 - RFE: add nginx:1.20 module stream
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module nginx:1.24 is enabled
nginx
1.24.0-2.0.1.module+el8.10.0+90849+dcad285b
nginx-all-modules
1.24.0-2.0.1.module+el8.10.0+90849+dcad285b
nginx-filesystem
1.24.0-2.0.1.module+el8.10.0+90849+dcad285b
nginx-mod-devel
1.24.0-2.0.1.module+el8.10.0+90849+dcad285b
nginx-mod-http-image-filter
1.24.0-2.0.1.module+el8.10.0+90849+dcad285b
nginx-mod-http-perl
1.24.0-2.0.1.module+el8.10.0+90849+dcad285b
nginx-mod-http-xslt-filter
1.24.0-2.0.1.module+el8.10.0+90849+dcad285b
nginx-mod-mail
1.24.0-2.0.1.module+el8.10.0+90849+dcad285b
nginx-mod-stream
1.24.0-2.0.1.module+el8.10.0+90849+dcad285b
Oracle Linux x86_64
Module nginx:1.24 is enabled
nginx
1.24.0-2.0.1.module+el8.10.0+90849+dcad285b
nginx-all-modules
1.24.0-2.0.1.module+el8.10.0+90849+dcad285b
nginx-filesystem
1.24.0-2.0.1.module+el8.10.0+90849+dcad285b
nginx-mod-devel
1.24.0-2.0.1.module+el8.10.0+90849+dcad285b
nginx-mod-http-image-filter
1.24.0-2.0.1.module+el8.10.0+90849+dcad285b
nginx-mod-http-perl
1.24.0-2.0.1.module+el8.10.0+90849+dcad285b
nginx-mod-http-xslt-filter
1.24.0-2.0.1.module+el8.10.0+90849+dcad285b
nginx-mod-mail
1.24.0-2.0.1.module+el8.10.0+90849+dcad285b
nginx-mod-stream
1.24.0-2.0.1.module+el8.10.0+90849+dcad285b
Связанные CVE
Связанные уязвимости
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
A vulnerability exists in NGINX OSS and NGINX Plus when configured to ...
